Don't put a JWT in core.user.
git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@4348 ed5197a5-7fde-0310-b194-c3ffbd925b24
This commit is contained in:
15
core/auth.js
15
core/auth.js
@ -260,12 +260,17 @@ function query(headers) {
|
||||
return {
|
||||
session: entry,
|
||||
permissions: autologin ? getPermissionsForUser(autologin) : getPermissions(session),
|
||||
refresh: {
|
||||
token: makeJwt({name: entry.name}),
|
||||
interval: kRefreshInterval,
|
||||
},
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
export { handler, query };
|
||||
function make_refresh(credentials) {
|
||||
if (credentials?.session?.name) {
|
||||
return {
|
||||
token: makeJwt({name: credentials.session.name}),
|
||||
interval: kRefreshInterval,
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
export { handler, query, make_refresh };
|
||||
|
Reference in New Issue
Block a user